EU-US Privacy Shield pact to pass first annual review

A year-old pact underpinning billions of dollars of transatlantic data transfers will get the green light from the European Union on Wednesday (18 October) after the first review to ensure Washington protects Europeans’ data stored on US servers.

The EU-US Privacy Shield was agreed last year after everyday cross-border data transfers were plunged into limbo when the EU’s top court struck down a previous data transfer pact in 2015 because it allowed US spies excessive access to people’s data.

The European Commission last month conducted its first annual review of the framework as it seeks to ensure the United States lives up to its promises to better protect Europeans’ data when they are transferred across the Atlantic – failing which it could suspend the Privacy Shield.

The EU executive however is satisfied that the framework continues to ensure adequate protection of Europeans’ personal data although it will address a number of recommendations to Washington, an EU source told Reuters.

European privacy watchdogs have received “a few” complaints about the privacy shield data transfer agreement with the United States since it was brokered one year ago, the EU’s top privacy advocate said in an interview.

The conclusion will come as a relief to the over 2,400 companies signed up to the scheme including Alphabet Inc’s Google, Facebook and Microsoft.

The source said the practical implementation of the Privacy Shield could be improved by, for example, a tougher monitoring of the compliance of companies with its privacy rules.

The European Parliament wants the European Commission to ‘Trump-proof’ the Privacy Shield data sharing agreement between the EU and the United States after the new US administration threatened to roll back some privacy safeguards.

Companies wanting to transfer Europeans’ personal data outside the bloc have to comply with tough EU data protection rules which forbid them from transferring personal data to countries deemed to have inadequate privacy protections unless they have special legal contracts in place.

The Privacy Shield allows firms to move data across the Atlantic without relying on such contracts, known as model clauses, which are more cumbersome and expensive.

EU Justice Commissioner Věra Jourová told reporters last month she wanted the United States to appoint a fully-fledged privacy ombudsperson – a new office that was created as part of the Privacy Shield to deal with complaints from EU citizens about US spying.

EU Justice Commissioner Věra Jourová said she was relieved that US President Trump’s “America first” policy will not shatter the EU-US privacy shield agreement on data transfers, after meeting with Commerce Secretary Wilbur Ross on Monday (18 September) to scrutinise the one-year-old deal.

She also said she was concerned about potential changes to a controversial portion of the US Foreign Intelligence Surveillance Act (FISA), which needs to be reauthorised before the end of the year.

“Of course we are very concerned about what the new version of this act will mean for Privacy Shield. I was very clear about our position that we do not want to see any changes which will go to the detriment of the protection of private data of Europeans so we will be watching this very closely in the coming weeks and months,” she said.